tutortool/docs/testing.md
s0wlz (Matthias Puchstein) ff5ad26cfc feat: harden security with httpOnly cookies and modernize frontend with Svelte 5 runes
- Switched to secure httpOnly, SameSite=Strict cookies for JWT authentication.
- Refactored backend to use AppState for shared secrets and database pool caching.
- Modernized frontend with Svelte 5 runes ($state) and removed localStorage reliance.
- Gated destructive test endpoints behind debug_assertions and fixed unsafe test patterns.
- Enhanced CI pipeline with cargo clippy, cargo fmt, and pinned pnpm version.
- Updated documentation and implementation plans to match the hardened architecture.
2026-05-02 03:16:33 +02:00

# Testing
TutorTool has an E2E test pipeline built on Playwright, with a test-only backend daemon and fast SQLite DB reset.
## Quick start
```bash
# 1. Start the test backend (once per shell/worktree session)
make test-up
# 2. Run the E2E suite
pnpm --dir frontend test:e2e
# 3. Interactive UI mode (Playwright UI)
pnpm --dir frontend test:e2e:ui
# 4. Stop the backend when done
make test-down
```
## Make targets
| Command | What it does |
|---|---|
| `make test-up` | Build test DB (if missing), start backend on test port, wait for `/health` |
| `make test-down` | Kill the test backend |
| `make test-reset` | Reset DB to clean seed state via `POST /__test__/reset` (fast, ~10-50ms) |
| `make test-rebuild` | Wipe and rebuild test DB from migrations + seed (use after migration changes) |
| `make test-e2e` | `test-up` + `pnpm test:e2e` in one command |
## Worktree isolation
Each git worktree gets its own port and DB path — no collisions when running tests in parallel across branches.
The port is deterministic: `3100 + hash(worktree_path) % 100`. Run `bash scripts/test-env.sh` to see yours:
```
[test-env] TT_TEST_PORT=3142 TT_TEST_DB=/path/to/worktree/data/test/attendance.db
```
Set `TT_TEST_PORT_RANDOM=1` to bind to an ephemeral port instead (used in CI).
## MCP / interactive verification
After `make test-up`:
1. Ask Claude to open `http://127.0.0.1:<TT_TEST_PORT>/admin/login` via Playwright MCP.
2. Log in with seed credentials: `admin@tutortool.com` / `admin`.
3. Drive the app interactively; take screenshots to verify the UI. (Note: authentication is handled via secure `httpOnly` cookies.)
4. Run `make test-reset` between scenarios to restore clean state.
## DB reset mechanism
The backend exposes `POST /__test__/reset` only when started with `TT_TEST_MODE=1` AND in debug builds. The handler deletes all rows in FK-safe order and re-applies `backend/demo/demo_seed.sql` in a single transaction. It never exists in production release builds.
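
The two-part gate described above, sketched as an added example (not TutorTool's own code): a hypothetical route table where the reset route is compiled in only under `debug_assertions` and then registered only when `TT_TEST_MODE` is exactly `1`. The `Route` type, the function names and the strict match on `"1"` are assumptions made for illustration.

```rust
// Added illustration; the route table and function names are hypothetical,
// not TutorTool's actual router code.
type Route = (&'static str, &'static str); // (method, path)

const RESET_PATH: &str = "/__test__/reset";

// Compile-time half of the gate: this version exists only in debug builds.
#[cfg(debug_assertions)]
fn add_test_routes(routes: &mut Vec<Route>, tt_test_mode: Option<&str>) {
    // Runtime half: assumed strict match, so "0", "true" or unset leave it off.
    if tt_test_mode == Some("1") {
        routes.push(("POST", RESET_PATH));
    }
}

// Release builds get a no-op, so no environment value can expose the route.
#[cfg(not(debug_assertions))]
fn add_test_routes(_routes: &mut Vec<Route>, _tt_test_mode: Option<&str>) {}

fn build_routes(tt_test_mode: Option<&str>) -> Vec<Route> {
    let mut routes: Vec<Route> = vec![("GET", "/health")];
    add_test_routes(&mut routes, tt_test_mode);
    routes
}

// Check usable from a unit test or a startup assertion.
fn reset_exposed(tt_test_mode: Option<&str>) -> bool {
    build_routes(tt_test_mode).iter().any(|(_, path)| *path == RESET_PATH)
}

fn main() {
    let mode = std::env::var("TT_TEST_MODE").ok();
    println!(
        "debug build: {}, reset route exposed: {}",
        cfg!(debug_assertions),
        reset_exposed(mode.as_deref())
    );
}
```

A Cargo profile that sets `debug-assertions = true` for release would re-enable the compile-time half, so a check like `reset_exposed` is worth running against the artifact that actually ships.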
## Seed data
| Resource | Value |
|---|---|
| Admin email | `admin@tutortool.com` |
| Admin password | `admin` |
| Course | Demo Course 101 (Summer 2026) |
| Students | Alice Smith … Judy Martinez (10 students) |
| Room | Room A (Small) |
| Slot | demo123 (open, 08:00–18:00) |
## CI
The Gitea Actions workflow at `.gitea/workflows/ci.yml` runs on every push to `main` and on PRs:
1. Install deps (Node 22 + pnpm 9 + Rust 1.95)
2. Cache Cargo + pnpm store
3. `make lint` (Zero Warnings Policy: clippy, fmt, svelte-check)
4. `cargo test` (unit tests)
5. `pnpm build` (frontend build)
6. `make test-up` + `pnpm test:e2e` (E2E)
7. Upload `frontend/test-results/` + `frontend/playwright-report/` as artifacts on failure
CI sets `TT_TEST_PORT_RANDOM=1` so parallel runner jobs on the same host don't collide.